Hello all,

In trudging along with the NETCONF specs we hit a bump when the IANA asked what type of ports we would like, whether they should be well known ports or not. The working group has churned for a while on this and while almost everyone agrees it's a minor thing, it seems we need some guidance on when well known ports should be used.

On the one hand, NETCONF cannot at this time claim to be widely implemented and so it's not all that well known. By this argument it should be assigned a port > 1024. On the other hand, few protocols out of the box are well known, and it would seem foolish to allocate new ports when a protocol becomes well known.

The argument has been made that ports < 1024 are privileged and hence these ports should be reserved for sensitive system services, and that configuration services fit within that definition. On the other hand, this seems archaic and more in the realm of OS implementations as to what process can bind to a port.

A third argument could be made that the decision should be based on whether the community believes the protocol is "important" enough to assign a well known port. This vague notion may be appropriate but it is something that is difficult for a spec author or even a working group to decide.

This therefore leads to two questions for the community:

1. Are well known ports archaic? If so, can we request that the IANA do away with the distinction?
2. If they are not archaic, under what circumstances should they be allocated?

My own opinion: They are archaic and the distinction should be dropped. Many operating systems do not make the distinction (particularly special purpose ones) and those that do would be better off providing a finer grain control over what processes can bind to ports.

If you disagree then I claim that the decision to allocate a well known port should be based on the need of an operating system to protect that service against user interference a/o denial of service, since the only benefit of a well known port is that non-privileged processes may not be able to bind to ports below 1024. Therefore it follows that device management services deserve well known ports, and NETCONF fits the bill.

Comments?

Eliot